TanStack Supply Chain Attack: The CI Cache Was the Trust Boundary
New findings from the TanStack supply chain attack show how trusted publishing, CI caches, OIDC, and developer tooling became the attack path.
I said this was just the beginning. I undersold it.
Apple, Microsoft, Linux, PAN-OS, Canvas, Next.js, plus another supply chain encore: a week of disclosures since the 'three exploits in 72 hours' post.
3 exploits in 72 hours. I fear this is just the beginning.
Three critical incidents in under 72 hours: cPanel auth bypass exploited as 0-day, Linux Copy Fail kernel root, and Mini Shai-Hulud's npm and PyPI return.
Nightmare-Eclipse: Public PoC Meets Real Intrusion
Huntress caught the Nightmare-Eclipse toolkit (BlueHammer, RedSun, UnDefend, BeigeBurrow) in a live intrusion. Here are the IOCs and what we learned.
AI Is Finding Vulnerabilities Faster Than You Can Patch
Anthropic warns that AI models will surface vast numbers of hidden bugs within 24 months. A breakdown of their guidance and what it means for MSPs.
Project Glasswing: AI Finds Decades-Old Zero-Days
How Anthropic's Claude Mythos Preview autonomously discovered zero-days in OpenBSD, FreeBSD, and FFmpeg, and what Project Glasswing means for MSP defenders.
Axios npm Supply Chain Attack: What You Need to Know
Analysis of the axios npm supply chain attack that dropped a cross-platform RAT via maintainer account compromise, with IOCs and defensive steps.
LiteLLM Supply Chain Attack: What MSPs Need to Know
Analysis of the TeamPCP supply chain attack on LiteLLM via compromised Trivy GitHub Actions, covering the 3-layer payload, IOCs, and defensive actions for MSPs.
Huntress Blocks Device Code Phishing from Railway
Huntress deployed a conditional access policy across ITDR-protected tenants to block device code phishing from Railway infrastructure using AI-generated lures.
Fortinet 2025 Security Awareness Report: Key Findings
Analysis of the Fortinet 2025 Security Awareness and Training Report covering AI readiness gaps, training completion rates, and an action plan for MSP teams.
Huntress 2026 Cyber Threat Report: Key Findings for MSPs
Analysis of the Huntress 2026 Cyber Threat Report covering identity compromise, RMM abuse, ClickFix loaders, ransomware timelines, and a 30-day action plan.